Sunday, April 13, 2008

I am a frequent reader of ComputerWorld for many years. It often offers good news and analysis on technology as well as technology related issues. One of the areas that is of interest to almost everyone with a job that requires using a computer (isn't that everyone these days?) is employers needing to or choosing to monitor on (or spy on?) the PC and net activities of employees. Jaikumar Vijayan has written an interesting article in the April 7, 2008 issue of ComputerWorld, titled "IT 'Big Brothers' trying to keep internal users under control".

One thing most of my readers know quite clearly, is that I am a big proponent of personal liberty, freedom of speech and privacy - citizen rights that the Bush administration has worked hard to destroy for the last eight years. However, on the topic of employers' rights to monitor to employees' use of the computer and network, I fully support employers. A PC is given to employees to do work for the business, not as a personal tool.

Sure, most, if not all of us, have had to use the office computer to login to a bank's web site to pay a credit card bill, or to send a quick email from hotmail or mac.com Mail. However, that is quite clearly not abuse and I know of few employers who would target such use as abuse. (I am sure if the email being sent was sexually explicit or otherwise inappropriate, employers could find that objectionable).

But, such one-off "urgent issue" type personal use does not mean an employee has the right to be sitting writing personal emails, trading stocks, watching online videos, visiting porn sites or chatting with buddies during the hours he or she is being paid to do work.

That means more and more companies are using automated and semi-automated tools and policies to monitor use of their IT resources. ComputerWorld's article (currently available at this link) makes some great points and talks about some products. It starts off by speaking about a technology manager named Tom Scocca at some big company that he did not want identified.

But even before reading the complete article I had to laugh at the silliness of stating "Scocca, (who) asked that his employer not be named."

Don't these "Big Brother" snoops know that anyone with a PC can be snooping on them as easily. Suppose one of the people mentioned in this story was really protecting something seriously important. It is laughable to think that a person seriously targeting him or his company can not reverse snoop on him.

Tom Scocca is most likely the same person who can easily be found on the Internet as being the Senior Security Manager at Applied Materials. Since it can established that this person worked at Cisco, and may have attended Santa Clara University.

We can easily see the company proudly tell us that: Applied Materials, Inc. designs, manufactures, and sells semiconductor fabrication equipment worldwide. It operates in four segments: Silicon, Fab Solutions, Display, and Adjacent Technologies. The Silicon segment provides a range of manufacturing equipment used to fabricate semiconductor chips or integrated circuits.

Even without us feeling like being in a Mission Impossible type movie, an attacker could even speculate or analyze what Tom's attitudes or exposure to technology or even technology philosophy is by doing further research on his past job and even the courses he may have taken in the past. I think the biggest problem is that our IT managers today may be so focused on targeting small fish, they may not even know they are in the bite-path of hungry data sharks themselves.